While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to the every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Cyber, Malicious Attacks Estimated At 17.6 Million Sites In 2018

Cybercriminals increasingly automate cyber and malicious attacks to expand their reach and frequency. Daily attempts on websites grew by 59% from January 2018 to December 2018, and based on the
average sampling there were 62 attacks per day from more than 330 bots last year.

The SiteLock 2019 Website Security Report analyzed more than 6 million websites to determine the most prevalent cyber threats and identify the top website risks in 2018
and emerging trends for 2019.

Despite the
increase in attacks, the number of infected websites remained constant at 1% throughout 2018, equating to 17.6 million websites worldwide attacked at any given time. While the numbers continue to
rise, the findings also suggest website security solutions are becoming more effective in defending against sophisticated attacks.

advertisement

advertisement

Only 15% of malware-infected websites were blacklisted last
year by search engines such as Bing and Google. That's down 4% from the prior year. Many website owners assume a search engine will alert them if malware is on their site, but that’s not always
the case.

The report notes that search engines are using greater caution when blacklisting websites to avoid reporting errors at the site owner’s expense. When blacklisting occurs, the
consequences can impact a website’s traffic, reputation, and even profitability.

Malware known as backdoor, shell scripts, and filehackers were the top three infections found on hacked
sites at 50%, 48% and 47%, respectively. Javascript files dominated the files cleaned by Sitelock’s malware scanner at a rate of nearly two times the next closest category, malicious
redirects.

Javascript attacks are different than a backdoor file or a shell script because the intent is to hijack the visitors or the website, not to have control of the website.

Javascript files symptoms are often not visible to the website owner and are thus becoming a new favorite weapon of cybercriminals. Defacements continued to drop in popularity, found on only 15% of
infected sites and accounting for only 5% of malicious attacks in 2018.

One reason for the decrease, per the report, can be attributed to cybercriminals leveraging “quieter, symptomless
attacks.” For example, search engine optimization (SEO) spam, a former favorite type of attack, accounted for only 2% of malware this year and was found on only 18% of infected websites.